registry  /  @pizzapi/pizza  /  0.5.5

@pizzapi/pizza@0.5.5

PizzaPi — a self-hosted web interface and relay server for the pi coding agent. Stream live AI coding sessions to any browser.

AI Security Review

scanned 3h ago · by lpm-firewall-ai

No confirmed malicious attack surface is established in this wrapper package. Its postinstall reconciles a fixed, package-owned platform dependency; its CLI launches that local binary only when invoked by the user.

Static reason
One or more suspicious static signals were detected.
Trigger
npm postinstall; explicit `pizza` or `pizzapi` command
Impact
No source-confirmed exfiltration, persistence, destructive action, or AI-agent control-surface mutation
Mechanism
fixed scoped platform-binary dependency reconciliation and launcher execution
Rationale
The flagged primitives are package-aligned: the postinstall restores an optional, version-matched `@pizzapi/cli-*` binary dependency and the user-invoked launcher executes it. The inspected source contains no concrete malicious chain.
Evidence
package.jsonbin/install.mjsbin/pizza.mjsREADME.md

Decision evidence

public snapshot
AI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for warning
  • `package.json` runs `bin/install.mjs` via `postinstall`.
  • `bin/install.mjs` invokes npm/yarn/pnpm/bun only to install the matching `@pizzapi/cli-*` platform package when missing or stale.
  • `bin/pizza.mjs` executes the resolved local platform binary with user-supplied CLI arguments.
Evidence against
  • Only five package files are present; no hidden scripts or payloads were found.
  • No source performs HTTP/WebSocket requests, credential harvesting, file writes, eval, or agent-control configuration mutation.
  • Lifecycle logic uses a fixed allowlist of package-owned scoped platform dependencies and pins the installed version to its own version.
  • CLI execution is explicit user invocation and resolves only the expected platform package binary.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemShell
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 12.6 KB of source, external domains: github.com

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node bin/install.mjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node bin/install.mjs
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High2 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings